38% of consumers affected by ransomware pay up
Consumers are increasingly being targeted with ransomware, and many of them are paying up, according to Trustlook.
Since the beginning of 2016, ransomware has gone from a relatively exclusive category of malware utility to a mainstream destructive tool used in wave after wave of phishing attacks against individuals and companies alike. Ransomware is now so widespread that it cost businesses a total of $1 billion in 2016, according to a new report. Moreover, ransomware has been identified by the U.S. Department of Justice as the “biggest cyberthreat” of 2017.
While it’s true that attackers may have more to gain from large organizations, experts say they see consumers, with their lack of sophistication in security, as lower-hanging fruit. Because consumers usually have fewer information security resources than large organizations, breaches are far easier to achieve and are more likely to have a meaningful impact, and thus are more likely to result in a payment.
Most users are completely unaware of the threat posed by ransomware attacks and are not prepared to handle them. Trustlook’s research shows that this lack of awareness and apathy is resulting in insufficient action taken to protect devices and data. 48% of consumers are not worried about becoming a victim of a ransomware attack, and only 7% of non-impacted consumers say they would pay the ransom if they were hacked.
Study highlights
- 17% of consumers have been infected with ransomware
- 38% of affected consumers paid the ransom
- $100-$500 was the dollar range of ransomware payouts by consumers
- 45% of consumers have not heard of ransomware
- 23% of consumers do not backup the files on their computer or mobile device.
Trustlook has the following advice for consumers who are worried that they might become a victim of ransomware. “Backup your data to multiple devices, and to at least one device that is not connected to a network,” says Allan Zhang, CEO of Trustlook. “Also, be cautious of emails by checking the sender’s email address before clicking any link.”